Allow Windows Server 2016 to support disabling SMBv1 _and_ Server SPN target name validation
On Server 2016, disabling (removing) SMBv1 and having Microsoft network server: Server SPN target name validation level = Required from client (2) are currently not “working together”, yet it works on the other Windows operating systems just fine.
To recreate this:
1) Test with a Domain-joined Windows Server 2016 box
2) Remove-WindowsFeature FS-SMB1 on the Windows Server 2016 box
3) GPO set or reghack on the Windows Server 2016 box: Server SPN target name validation level = Required from client (2)
4) Reboot the Windows Server 2016
Domain Admins are now unable to connect to the \Server2016\C$ default share or any other shares from other domain-joined Windows computers.
Checking into this, thanks for mentioning.
Anyone come up with a solution of the problem?
I also ran into this setting up a new file server on 2016. Works fine on 2012R2, had to dial back GPO to get it to work. How can we be notified when this bug gets fixed so I can re-enable the policy?
Twan van Beers commented
Argh!!! I've just wasted 3 days on finding this out! I've disabled NetBIOS altogether and had Accept if client sends, and it breaks access to the administrative shares